Fresh Spam Mails Abusing itunes Store Receipts, Reports Pandalabs
Researchers at PandaLabs the security company are cautioning that a fresh malicious e-mail campaign which's mistreating receipts associated with the iTunes Store is presently circulating online. Paradoxically, the medium of the spam assault is Flash, a mechanism which Apple just won't utilize to fix the apparent security weaknesses in its products.
Suggest details from PandaLabs, the spam mails display the header "Your receipt #[random digits]" with the sender's address spoofed as firstname.lastname@example.org.
And while mistreating the actual template of receipts that the iTunes Store of Apple uses, the spammers talk about a so-called ordered item known as "Whatever You Like [Digital 45]." The price given though isn't the same in all the messages; however, it is beyond $500.
The idea to present such a large price is for frightening recipients so much that they tend to believe they've to pay for an extremely costly item, which they actually never ordered.
Moreover according to PandaLabs, users are dispatched an iTunes receipt, which appears wholly genuine devoid of any telltale spelling mistakes alternatively problems in the source code of the image.
Evidently, the attack starts with the spam recipient summoned for opening a web-link that's associated with "report a problem."
And when clicked, the link leads the victim onto a page that directs him to take down one bogus PDF reader, PandaLabs states which Pcmag.com published on October 4, 2010. Thereafter, with the download complete, the victim gets diverted onto a contaminated site serving Trojan Zeus, which steals the user's private information, the security company observed.
Worryingly, this e-mail assault was discovered within a brief period of a same type of phishing assault that struck users of LinkedIn during the end-week of September 2010. That phishing assault seemed to emanate from Russia and which Cisco another security company spotted.
Besides, it becomes clear from the aforementioned malicious e-mail campaign that 55% of the entire fresh threats arrived with Trojans. PandaLabs' security branch recently disclosed this within its Q3-2010 report. Indeed, the majority of these trojans happened to be banking trojans that, designed to entice Web-surfers to visit fake sites, tried to capture their credentials.
Related article: Fark.com Files Suit against Suspected Hacker from Fox13
» SPAMfighter News - 08-10-2010